Kryptonite: TB1/2 Mac eGPU Support with FileVault, SIP, and ART Enabled
PurgeWrangler has worked generally well in ensuring eGPU support on old Thunderbolt 1 and 2 Macs, but users have always sacrificed security features such as System Integrity Protection. With macOS Big Sur, FileVault and thus Authenticated-Root also needed to be disabled. This in turn meant that delta software updates would break. While the lifecycle for most old Thunderbolt Macs is coming to end, I thought it'd be fitting to have a modern patching mechanism for them for the following reasons:
- Finally take advantage of years' of Apple's security innovations on patched systems.
- Users running unsupported versions of macOS on their machines may have an easy time integrating eGPU-related patches.
- It's fun and I finally got some time to mess about!
The solution involves using the already-popular OpenCore (OC) bootloader to inject a kext I am working on that actually implements the patches. The kext leverages Lilu, which OC users will be rather familiar with.
The bootloader configuration will allow users to boot any copy of macOS (10.13.4 or newer) they have installed using a lovely boot selector (part of OpenCore) and patch them on the fly, while keeping all security features enabled (except T2 chip, if used there). Additionally, for Bootcamp users, OpenCore can enable the iGPU on boot and allow for DSDT injections to enable "Large Memory" to assist with eGPU device allocation in Windows.
To get started: https://github.com/mayankk2308/kryptonite
@mac_editor, Amazing work! It worked first time for me on a clean macOS Big Sur 11.4 install on 2015 15-in MacBook Pro. The solution works through both cold-plug and hot-plug. The entire experience is very much the same as natively supported Macs. Thank you!
Here's a photo of the boot screen once I selected OpenCore from OPTION BOOT menu.
@itsage, sweet! Thank you for testing. Is SIP & ART/FileVault enabled on your system as well?
@mac_editor, SIP and ART were enabled. I did not turn on FileVault because I never liked it, but will turn it on to test next.
@itsage, nice. Hopefully it should work just fine with FV enabled.
@mac_editor, It works great with FileVault on. Thank you!
@itsage, thank you for testing. No worries about headless Macs, you can configure OpenCore to directly boot the OS you want and skip the boot picker entirely.